MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e70983ec4c9ca9fb06a1bf65ce8c03a640f4f2903e19962a31791f43aac8183f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Mirai

Vendor detections: 6



SHA256 hash: e70983ec4c9ca9fb06a1bf65ce8c03a640f4f2903e19962a31791f43aac8183f
SHA3-384 hash: 23610b15b942b3a707d842a3a825774ce402672fcad6fa0241ef5efdf58825e06aca383ee5c5e644ece511a35e3472c5
SHA1 hash: c600439a47f0d785fd14238544a17f069618753c
MD5 hash: ebe79e90019f90e68a737ca2d8fda576
humanhash: alaska-nevada-fourteen-fruit
File name: lil.sh
Signature: Mirai
File size: 253 bytes
First seen: 2025-12-05 18:12:46 UTC
Last seen: Never
File type: sh
MIME type: text/plain
ssdeep: 6:St5/+yGMt5/+sLit5/+6NIl5sht5/+GFa0LKiX:Ah+wh+sLwh+6NIl5sDh+H0LK4
TLSH: T190D09EBD756B53B70B44DF02E0664C90703B97DB94B1CB15B48DBC29B5AC6203132F55
Magika: batch
Reporter: abuse_ch
Tags: mirai sh
URL | Malware sample (SHA256 hash) | Signature | Tags
http://213.209.143.64/arm | 7effcd4169edfb6ee63f1ee384950a19fe8b3187e07a5e8849ef9e921dabb413 | Mirai | elf mirai ua-wget
http://213.209.143.64/arm5 | c1a704fbb0fb0a441537da2e3571b21f697bc3cc371c985af7789737e3f3ef70 | Mirai | elf mirai ua-wget
http://213.209.143.64/arm6 | d093e3e8633a4b992141153ba4a9189a0bcae6422e96141f6caeacf27dcd0655 | Mirai | elf mirai ua-wget
http://213.209.143.64/arm7 | f6a697c5b3d4fd4a10ac00d2c1d95d5a42860aca0cd027f2c161c0a6a1103f0a | Mirai | elf mirai ua-wget

Intelligence


File Origin
# of uploads: 1
# of downloads: 23
Origin country: DE
Vendor Threat Intelligence
No detections
Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: mirai
Verdict: Malicious
File Type: text
First seen: 2025-12-05T20:50:00Z UTC
Last seen: 2025-12-05T21:02:00Z UTC
Hits: ~10
Status: terminated
Behavior Graph (process tree recovered from the sandbox graph; all network edges go to 213.209.143.64:80):
/usr/bin/sudo (pid 3325)
  execve -> /tmp/sample.bin (pid 3331)
    execve -> /usr/bin/wget (pid 3333): net, send-data, write-file; send 132B to 213.209.143.64:80
    execve -> /usr/bin/chmod (pid 3345)
    clone  -> /usr/bin/dash (pid 3347)
    execve -> /usr/bin/wget (pid 3351): net, send-data, write-file; send 133B to 213.209.143.64:80
    execve -> /usr/bin/chmod (pid 3363)
    clone  -> /usr/bin/dash (pid 3364)
    execve -> /usr/bin/wget (pid 3368): net, send-data, write-file; send 133B to 213.209.143.64:80
    execve -> /usr/bin/chmod (pid 3376)
    clone  -> /usr/bin/dash (pid 3378)
    execve -> /usr/bin/wget (pid 3381): net, send-data, write-file; send 133B to 213.209.143.64:80
    execve -> /usr/bin/chmod (pid 3393)
    clone  -> /usr/bin/dash (pid 3395)
Threat name: Linux.Worm.Mirai
Status: Malicious
First seen: 2025-12-05 18:14:28 UTC
File Type: Text (Shell)
AV detection: 8 of 38 (21.05%)
Threat level: 5/5
Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Web download
Signature: Mirai
File type: sh
SHA256: e70983ec4c9ca9fb06a1bf65ce8c03a640f4f2903e19962a31791f43aac8183f (this sample)

Delivery method: Distributed via web download

Comments